[PATCH 04/20] AP: Correctly set WLAN_RSNX_CAPAB_KEK_IN_PASN

[Andrei Otcheretianski]

From: Ilan Peer <ilan.peer at intel.com>

The WLAN_RSNX_CAPAB_KEK_IN_PASN should be set in the RSNXE
only when EPPKE is used.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
 src/ap/ieee802_11_shared.c | 3 ++-
 src/ap/wpa_auth_ie.c       | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index a6decab8d9..831fbb0978 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -1164,8 +1164,9 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
 	    (hapd->conf->assoc_frame_encryption ||
 	    hapd->conf->pmksa_caching_privacy)) {
 		capab |= BIT(WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION);
-		capab |= BIT(WLAN_RSNX_CAPAB_KEK_IN_PASN);
 	}
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_EPPKE)
+		capab |= BIT(WLAN_RSNX_CAPAB_KEK_IN_PASN);
 	if (hapd->conf->pmksa_caching_privacy)
 		capab |= BIT(WLAN_RSNX_CAPAB_PMKSA_CACHING_PRIVACY);
 	if (hapd->conf->eap_using_authentication_frames)
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 07abe86c8b..ff797f73e9 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -582,10 +582,10 @@ static u64 rsnxe_capab(struct wpa_auth_config *conf, int key_mgmt)
 	 * Frame Encryption Support field in the RSNXE to 1.
 	 */
 	if (conf->assoc_frame_encryption ||
-	    conf->pmksa_caching_privacy) {
+	    conf->pmksa_caching_privacy)
 		capab |= BIT(WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION);
+	if (key_mgmt & WPA_KEY_MGMT_EPPKE)
 		capab |= BIT(WLAN_RSNX_CAPAB_KEK_IN_PASN);
-	}
 	if (conf->pmksa_caching_privacy)
 		capab |= BIT(WLAN_RSNX_CAPAB_PMKSA_CACHING_PRIVACY);
 	if (conf->eap_using_authentication_frames)
-- 
2.53.0